Section 0 THE RATIONALE FOR A FIRST-ORDER PROOF CHECKER


The reader ready to plunge right into making FOL proofs may skip to Section 1.

The idea of doing mathematical reasoning mechanically goes back to Leibniz, but it was not
until the end of the last century that Frege and Peano developed the first completely formal
systems adequate for expressing some kinds of reasoning. Much of the work of Whitehead and
Russell was an attempt at demonstrating that large parts of mathematics could actually be
expressed within such systems. After these initial successes, however, the interest of logicians
changed from proving theorems within mathematical systems to proving meta-theorems about
such systems.

Even before Goedel's work, it was intuitively clear that checking proofs was different from
finding them. It is an essential part of the idea of formal system that proofs can be checked
mechanically, whereas finding proofs mechanically was always regarded as a research problem.
This distinction was clarified by the work of Goedel, Tarski, Turing and Church which showed
that algorithms for finding proofs can work infallibly only in limited domains and that some
mathematical ideas cannot be completely characterized by axiomatic systems.

The advent of computers and the beginning of the study of artificial intelligence gave rise to
attempts to explore experimentally what can be proved by machine. There has been steady
progress in this endeavour, but twenty years' work leaves us a long way from being able to prove
important mathematical theorems.

Knowing that mechanical theorem proving has a long way to go justifies a renewed interest in
the more straightforward task of proof-checking by computer. Moreover, while it is not as
interesting to check proofs by computer as to make computers prove the theorems, proof-checking
has obvious potential applications. The most important of these is proving that
computer programs meet their specifications, since the reasoning involved is lengthy although
usually straightforward - or so our intuition tells us. Since a computer program is a
mathematical object whose properties are determined entirely by its symbolic form, it is a
mathematical disgrace to have to debug them case by case rather than proving them correct in
general. Since the programs are long, the proofs of correctness will be long, and since
programmers sometimes think wishfully, it is obviously desirable that the proofs be checked by
computer.

It is also interesting to see if we can check the proofs of interesting mathematical theorems even
though the problem is of less practical urgency, since the human refereeing process works quite
well.

At first sight, computer proof checking seems almost trivial. We know that almost all practical
mathematical reasoning can be done in axiomatic set theory which in turn is expressed in first
order predicate calculus. Therefore, it would seem that all we need do is to make a proof checker
for predicate calculus, choose either the Zermelo-Fraenkel or the Goedel-Bernays-von Neumann
axioms for set theory and write and check our proofs. This is one of the things the FOL project
is doing, but in order that its formal proofs should not be substantially longer than conventional
mathematical proofs, it is necessary to reformulate the usual logical systems. This can be
thought of as an effort to produce a formal system in which the rules of inference, as well as
the expressive power of the language, is more closely correlated with actual mathematical
practice. The use of a computer allows for the introduction of complicated rules of inference
whose metamathematics is not simple. FOL provides for the following:

(1) its notion of a first-order language includes function symbols, equality and other usual
mathematical notation, such as infix operators, n-tuple notation;

(2) the user can declare sorts and declare variables to range over given sorts. This greatly reduces
the length of axioms and theorems and corresponds to the fact that in an informal proof a
context is established, and the reader knows that a certain part of the proof is carried out within
the context;

(3) the decision procedures for certain simple domains are built into the system. This allows
some proofs to be much shorter than usual mathematical proofs, because the computer can go
through some quite complex chains of reasoning by itself. At present, propositional deduction
and a fragment of the theory of equality have been implemented. The Boolean algebra of sets
and elementary commutative algebra are planned;

(4) some facilities for introducing definitions have been implemented;

(5) a facility is provided for defining the interpretations of constants and predicate/function
symbols, and for computing within a model of the language. This means, for example, that
algebraic and LISP functions can be calculated directly, rather than being synthetically derived;

(6) some primitive facilities are available for metamathematical reasoning;

(7) rules of inference for some interesting modal logics are provided.

The domains which are being explored by means of FOL proofs include:

(i) CLASSICAL MATHEMATICS. This is the single most striking success in our ability to
represent reasoning in terms of formal derivations. How close are these derivations to a
mathematician's informal proof? Do they constitute a faithful representation of his reasoning?
How are the inference rules of our logic related to the actual rules of evidence he uses when
convincing himself of some truth? The answers to these questions are important in determining
whether we can make computer-checkable proofs that are not enormously longer than the proofs
in mathematical journals. Experiment with the use of FOL in classical mathematics will help
answer them. Theoretical studies of the intensional properties of proofs such as those of Kreisel
(1971a, 1971b) are also relevant. Moreover, it turns out that a large part of many mathematical
proofs in the literature are really at the metamathematical level, i.e. they are reasoning about the
reasoning in the axiomatic system. Thus it can happen that a simple theorem prover or
proof-checker is not even capable of expressing the theorems of mathematicians, let alone proving
them;


(ii) MATHEMATICAL THEORY OF COMPUTATION. (McCarthy 1963, Floyd 1967, Manna
1974) and others have shown how first-order theories can be used in proving properties of
programs. Making this into a tool for verifying programs before they are widely distributed is
one of the major goals of the FOL project. This will require further research in formalizing the
properties of programs, the ability provided by the attachment feature of FOL to establish
decidable properties of parts of the program by direct calculation rather than step-by-step
inference, and a great deal of experiment aimed at making the proofs correspond to the
programmer's informal reasoning that his program does what it should;


(iii) REPRESENTATION THEORY. Common sense reasoning is being represented in FOL in
the style of (McCarthy and Hayes 1969). As in proving programs correct, purely inferential
reasoning must be supplemented by assertions directly computed from the data base
representing the environment: again the FOL attachment feature is the key device used. Even
more experiment will be required before the formal proofs correspond to informal reasoning
than in the case of mathematics, because this area has not been well explored (perhaps only by
McCarthy, Hayes 1974, and Sandewall 1970). Particular problems are the axiomatization of time,
simultaneity, causality, knowledge, and the geometric reasoning involved in perception.
Metamathematics also comes in, particularly when it is necessary to reason about knowledge and
belief. We hope that axiomatizing the metamathematics of FOL, i.e. the structure and truth
conditions of FOL sentences together with a reflection principle, suitably restricted to avoid
paradoxes, will enable us to express common sense reasoning about knowledge, belief, truth and
falsehood.

FOL is committed to a system of natural deduction. The use of the word 'natural' is best
explained by Prawitz himself (Prawitz, 1965):

'Systems of natural deduction, invented by Jaskowski and by Gentzen in
the early 1930's, constitute a form for the development of logic that is
natural in many respects. In the first place, there is a similarity between
natural deduction and intuitive, informal reasoning. The inference rules of
the systems of natural deduction correspond closely to procedures common
in intuitive reasoning, and when informal proofs — such as are encountered
in mathematics for example — are formalized within these systems, the
main structure of the informal proofs can often be preserved. This in itself
gives the systems of natural deduction an interest as an explication of the
informal concept of logical deduction.

Gentzen's variant of natural deduction is natural also in a deeper sense.
His inference rules show a noteworthy systematization, which, among other
things, is closely related to the interpretation of the logical signs.
Furthermore, as will be shown in this study, his rules allow the deduction to
proceed in a certain direct fashion, affording an interesting normal form
for deductions. The result that every natural deduction can be transformed
into this normal form is equivalent to what is known as Hauptsatz or the
normal form theorem, a basic result in proof theory, which was established by
Gentzen for the calculi of sequents. The proof of this result for systems of
natural deduction is in many ways simpler and more illuminating.'

In this manual, most of the metamathematical notions discussed will be referred to by words in the
following font, e.g. SYNTYPE, INDVAR, WFF. These notions will play a greater role in later versions of
FOL.


Section 1 THE NOTION OF AN FOL LANGUAGE


In FOL the user specifies a first-order language by making a set of DECLARATIONS (see Section
4.3). The proof-checking system then generates a proof checker and a collection of rules specific
to that system.

An FOL language is determined by specifying a way of building up expressions, usually called
well formed formulas or WFFs, from collections of primitive symbols. In FOL these classes of
symbols are called SYNTYPEs. They are:

1. logical constants:

a) sentential constants - SENTCONSTs: FALSE, TRUE

b) sentential connectives - SENTCONNs: ¬, ∧, ∨, ⊃, ≡

c) quantifiers - QUANT: ∀, ∃

2. auxiliary symbols - AUXSYM: ( and )

3. sets of variable symbols:

a) individual variables - INDVARs.

b) individual parameters - INDPARs.

4. a set of n-place predicate parameters - PREDPARs.

These symbols are used to form those sentences common to all FOL languages. Sometimes a
language L may also contain symbols which are intended to have interpretations which are
fixed relative to the domain of the interpretation. Examples are: "∈" in set theory, "=" in first
order logic with equality, "0" and "Suc" in arithmetic. These are represented by

5. sets of constant symbols:

a) individual constants - INDCONSTs.

b) n-place operation symbols - OPCONSTs.

c) n-place predicate constants - PREDCONSTs.

In addition one can

6. restrict the range of a variable symbol to some PREDCONST by declaring it to be a SORT;

7. designate a partial order to hold among some of those PREDCONSTs which have been declared
to be SORTs.

TERMs, AWFFs (atomic well formed formulas), and WFFs (well formed formulas) are defined in the
usual way.

A formal description of these languages and of the notion of SORT is given in Appendix 1. The
entire extended syntax of FOL is described in Appendix 2.

A first-order THEORY is defined by a (possibly empty) set of sentences of L, called AXIOMS. It is
the creation of such theories and the checking of valid deductions in them that is the main
purpose of the computer program FOL.


Section 2 THE NOTION OF AN FOL DEDUCTION


A derivation (the following description of which is taken almost verbatim from Prawitz 1965)
begins by inferring a consequence from some ASSUMPTIONS or AXIOMS by means of one of the
RULEs listed below. We indicate this by writing the formulas assumed on a horizontal line and
the formula inferred immediately below this line. On the computer this can be repeated using
previous consequences as new hypotheses. This generates a tree, which we call a DERIVATION.
Thus if we wish to derive A⊃(B∧C) from (A⊃B)∧(A⊃C) we write:

    (A⊃B)∧(A⊃C)        (A⊃B)∧(A⊃C)
    -----------        -----------
    A    (A⊃B)         A    (A⊃C)
    ----------         ----------
        B                  C
        --------------------
               (B∧C)

At each step so far, the configuration is a DERIVATION of the undermost formula from the set of
formulas that appear as ASSUMPTIONS. The assumptions are the uppermost formula occurrences,
and we say that the undermost formula depends on these ASSUMPTIONS. Thus, the example above
is a deduction of B∧C from the set of assumptions {(A⊃B)∧(A⊃C), A}, and in this deduction, B∧C
is said to depend on the top occurrences of these formulas.

As the result of some inferences, however, the formula inferred becomes independent of some or
all assumptions, and we then say that we discharge the assumptions in question. There are four
ways to discharge assumptions, namely:

(1) Given a deduction of B from {A}∪Γ, we may infer A⊃B and discharge the assumptions
of the form A;

(2) Given a deduction of FALSE from {¬A}∪Γ, we may infer A and discharge the
assumptions of the form ¬A;

(3) Given three deductions, one of C from {A}∪Γ1, one of C from {B}∪Γ2 and one of A∨B,
we may infer C and discharge the assumptions of the form A and B that occur in the
first and second deductions respectively, i.e. below the end-formulas of the three
deductions, we may write C and then obtain a new deduction of C independent of the
mentioned assumptions;

(4) Given a deduction of B from {A[x←a]}∪Γ and a deduction of ∃x.A, we may infer B and
discharge assumptions of the form A[x←a], provided that a does not occur in ∃x.A, in
B, or in any assumption - other than those of the form A[x←a] - on which B depends
in the given deduction.


To continue the deduction above, we may write A⊃(B∧C) below B∧C and obtain a deduction of
A⊃(B∧C) from {(A⊃B)∧(A⊃C)}.


Section 3 THE RULES OF INFERENCE


The inference rules consist of an introduction (I) and an elimination (E) rule for each logical
constant. The letters within parentheses indicate that the inference rule discharges assumptions
as explained above.


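∧I)   A    B            ∧E)   A∧B      A∧B
      ------                  ---      ---
       A∧B                     A        B

∨I)    A       B        ∨E)         (A)  (B)
      ---     ---             A∨B    C    C
      A∨B     A∨B             --------------
                                     C

⊃I)   (A)               ⊃E)   A    A⊃B
       B                      --------
      ---                         B
      A⊃B

∀I)       A             ∀E)    ∀x.A
      ---------               ------
      ∀x.A[a←x]               A[x←t]

∃I)   A[x←t]            ∃E)         (A[x←a])
      ------                  ∃x.A      B
       ∃x.A                   -------------
                                    B

¬I)    (A)              ¬E)   (¬A)
      FALSE                   FALSE
      -----                   -----
       ¬A                       A

FI)   ¬A    A           FE)   FALSE
      -------                 -----
       FALSE                    A

≡I)   A⊃B   B⊃A         ≡E)   A≡B      A≡B
      ---------               ---      ---
         A≡B                  A⊃B      B⊃A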

Restriction on the ∀I rule: a must not occur in any assumption on which A depends.

Restriction on the ∃E rule: a must not occur in ∃x.A, in B, or in any assumption on which the
upper occurrence of B depends other than A[x←a].


Section 3.1 An FOL deduction using the computer

We show here the computer interaction necessary to check the derivation given in Section 2.

In this and all succeeding sections examples of interactions with the computer will appear in small
type. Those lines which are typed by the user will be preceded by five stars. The other lines
are those typed by the computer.

To derive A⊃(B∧C) from (A⊃B)∧(A⊃C), we proceed as follows.

*****DECLARE SENTCONST A,B,C;

*****ASSUME (A⊃B)∧(A⊃C);

1 (A⊃B)∧(A⊃C) (1)

*****∧E 1,1;

2 (A⊃B) (1)

*****ASSUME A;

3 A (3)

*****⊃E 2,3;

4 B (1 3)

*****∧E 1,2;

5 (A⊃C) (1)

*****⊃E 3,5;

6 C (1 3)

*****∧I 4,5;

7 B∧C (1 3)

*****⊃I 3,7;

8 A⊃(B∧C) (1)

Each LINE typed by the computer contains: 1) a LINENUM, which labels that LINE; 2) the WFF
representing the result of applying the RULE typed by the user on the line above; 3) a list of
numbers representing those LINEs of the proof on which the WFF depends. Consider the LINE
beginning with 7 in the above example. 7 is its LINENUM, B∧C is the WFF on this LINE, and the
derivation of B∧C on this LINE depends on the assumptions on LINEs 1 and 3. This LINE was
generated by the user specifying as a RULE ∧I (AND introduction) using lines 4 and 5. This
information is typed by the user and in the example appears directly above LINE 7 of the proof.

There are two other things to notice about this example. The first thing typed by the user was
a declaration stating that A, B and C are SENTCONSTs. Making declarations is essential. Failure
to declare an identifier is the most common reason for a syntax error. Second is that when ⊃I
is applied to LINEs 3 and 7, LINE 3 has been removed from the list of dependencies of the new LINE.
This corresponds to the description of this rule given on each of the previous two pages. The
exact format of the commands a user must type to the computer is explained in Section 4.
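
The dependency bookkeeping described above, written out as an added example (it is not part of
the FOL manual and is not FOL's own code). It covers only ASSUME, ∧I, ∧E, ⊃I and ⊃E over sentential
constants; the tuple representation of WFFs and every class and function name are choices made
for this example. ∧I is applied to the two lines that carry B and C.

```python
from dataclasses import dataclass

# WFFs as nested tuples (a representation chosen for this example):
#   ("atom", "A"), ("and", p, q), ("imp", p, q)
def atom(name): return ("atom", name)
def conj(p, q): return ("and", p, q)
def imp(p, q): return ("imp", p, q)

def show(f):
    """Render a WFF with the manual's connectives."""
    if f[0] == "atom":
        return f[1]
    return "(%s%s%s)" % (show(f[1]), "∧" if f[0] == "and" else "⊃", show(f[2]))

class ProofError(Exception):
    """Raised when a rule is applied to lines that do not fit its schema."""

@dataclass(frozen=True)
class Line:
    num: int          # LINENUM
    wff: tuple        # the WFF on this line
    deps: frozenset   # LINENUMs of the assumptions the WFF depends on

class Derivation:
    """A linear sequence of lines, each carrying its list of dependencies."""

    def __init__(self):
        self.lines = []

    def _add(self, wff, deps):
        line = Line(len(self.lines) + 1, wff, frozenset(deps))
        self.lines.append(line)
        return line

    def _get(self, n):
        if not 1 <= n <= len(self.lines):
            raise ProofError("no such line: %d" % n)
        return self.lines[n - 1]

    def assume(self, wff):
        # An assumption depends on itself only.
        return self._add(wff, {len(self.lines) + 1})

    def and_e(self, n, which):
        # ∧E n,k: conjunct k (1 or 2) of line n; dependencies are unchanged.
        line = self._get(n)
        if line.wff[0] != "and" or which not in (1, 2):
            raise ProofError("∧E needs a conjunction and a conjunct index 1 or 2")
        return self._add(line.wff[which], line.deps)

    def and_i(self, m, n):
        # ∧I m,n: the new line depends on everything either premise depends on.
        a, b = self._get(m), self._get(n)
        return self._add(conj(a.wff, b.wff), a.deps | b.deps)

    def imp_e(self, m, n):
        # ⊃E: the transcript names the implication first ("2,3") and second
        # ("3,5"), so both orders are accepted here.
        a, b = self._get(m), self._get(n)
        for minor, major in ((a, b), (b, a)):
            if major.wff[0] == "imp" and major.wff[1] == minor.wff:
                return self._add(major.wff[2], a.deps | b.deps)
        raise ProofError("⊃E needs a line A and a line A⊃B")

    def imp_i(self, m, n):
        # ⊃I m,n: line m must be an assumption; it is discharged, i.e. removed
        # from the dependencies of the new line.
        a, c = self._get(m), self._get(n)
        if a.deps != frozenset({a.num}):
            raise ProofError("line %d is not an assumption" % m)
        return self._add(imp(a.wff, c.wff), c.deps - {a.num})

def replay_section_3_1():
    """Rebuild the eight lines of the derivation of A⊃(B∧C)."""
    A, B, C = atom("A"), atom("B"), atom("C")
    d = Derivation()
    d.assume(conj(imp(A, B), imp(A, C)))  # 1
    d.and_e(1, 1)                         # 2  A⊃B
    d.assume(A)                           # 3
    d.imp_e(2, 3)                         # 4  B
    d.and_e(1, 2)                         # 5  A⊃C
    d.imp_e(3, 5)                         # 6  C
    d.and_i(4, 6)                         # 7  B∧C; lines 4 and 5 would give B∧(A⊃C)
    d.imp_i(3, 7)                         # 8  line 3 is discharged
    return d

if __name__ == "__main__":
    for line in replay_section_3_1().lines:
        print(line.num, show(line.wff), sorted(line.deps))
```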


FOL  Manual 




Section 3.2 Implementation - user oriented features of FOL

There are several differences between the machine implementation of FOL and the description
given above and in Appendix 1. These differences are usually for the purpose of making life
easier for the user. The description in the Appendix presents a clean version of the logic so that
the metamathematics can be discussed in a straightforward way. The major differences are
described briefly below; more detailed descriptions occur in the appropriate sections of the
sequel.


Section 3.21 Individual symbols

In Prawitz's logic, individual variables (INDVARs) may only appear bound, and individual
parameters only free. In FOL, this restriction is relaxed, and INDVARs may appear free as well as
bound in well-formed formulas. INDPARs, however, must always appear free. Additionally,
natural numbers are automatically declared to be INDCONSTs of SORT NATNUM.


Section 3.22 Prefix and Infix notation

FOL allows a user to specify that binary predicate and operation symbols are to be used as
infixes. The declaration of a unary application symbol to be prefix makes the parentheses
around its argument optional. The number of arguments of an application term is called its
ARITY. Section 4.1 describes how to make such declarations.


Section 3.23 Extended notion of TERMs

In addition to ordinary application terms, FOL accepts TERMs representing finite sets,
comprehension terms, n-tuples and LISP s-expressions. A detailed description of the syntax of
these terms is to be found in Appendix 2.


Section 3.24 The Equality of WFFs

The description of substitution given in Section 4.35 is consistent with FOL's notion of
equivalence of WFFs. The proof-checker always considers two WFFs to be equal if they can both
be changed into the same WFF by making allowable changes of bound variables. Thus, for
example, the TAUT rule will accept ∀x.P(x)⊃∀y.P(y) as a tautology.
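
One way to decide equality up to changes of bound variables, as an added example (not FOL's own
code, and not taken from the manual): each bound variable is replaced by the distance to its
binder, so two WFFs are equal in this sense exactly when their canonical forms are identical.
The tuple representation and the names canonical and same_wff are assumptions of this example,
and SORT restrictions on which renamings are allowable are ignored.

```python
# WFFs as nested tuples (a representation chosen for this example):
#   ("pred", name, (arg, ...))   arguments are variable or constant names
#   ("not", p), ("and", p, q), ("or", p, q), ("imp", p, q), ("iff", p, q)
#   ("all", var, body), ("ex", var, body)
QUANTIFIERS = ("all", "ex")

def canonical(wff, bound=()):
    """Return wff with every bound variable replaced by its binder distance.

    `bound` lists the variables bound so far, innermost first, so index 0 is
    the nearest enclosing quantifier. Free variables and constants keep their
    names and are therefore compared literally.
    """
    tag = wff[0]
    if tag == "pred":
        args = tuple(("bound", bound.index(a)) if a in bound else ("free", a)
                     for a in wff[2])
        return ("pred", wff[1], args)
    if tag in QUANTIFIERS:
        # The binder's own name is dropped; only its position matters.
        return (tag, canonical(wff[2], (wff[1],) + bound))
    return (tag,) + tuple(canonical(sub, bound) for sub in wff[1:])

def same_wff(p, q):
    """True when p and q differ only in the names of bound variables."""
    return canonical(p) == canonical(q)

def P(v):
    return ("pred", "P", (v,))

def R(u, v):
    return ("pred", "R", (u, v))

def demo():
    """Constructed cases: renaming, variable capture, argument order, shadowing."""
    return {
        "rename": same_wff(("all", "x", P("x")), ("all", "y", P("y"))),
        # y is free on the left and bound on the right: not a legal renaming.
        "capture": same_wff(("all", "x", P("y")), ("all", "y", P("y"))),
        "swap_names": same_wff(("all", "x", ("all", "y", R("x", "y"))),
                               ("all", "y", ("all", "x", R("y", "x")))),
        "swap_args": same_wff(("all", "x", ("all", "y", R("x", "y"))),
                              ("all", "x", ("all", "y", R("y", "x")))),
        # An inner binder of the same name shadows the outer one.
        "shadow": same_wff(("all", "x", ("all", "x", P("x"))),
                           ("all", "x", ("all", "y", P("y")))),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```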


Section 3.25 VLs and subparts of WFFs and TERMs

FOL as implemented offers very powerful and convenient techniques for referring to objects in
a proof: essentially, any well-formed expression has a name, and can be manipulated as a single
entity. A VL is a name of a part of a derivation. There are several kinds of VLs: for example, a
label represents a line-number, the WFF on that line, and a list of the dependencies of that line in
the derivation.

The syntax of VLs is very extensive and a review of it will be left to Appendix 2.


Section 3.26 Axioms and Assumptions

FOL allows the specification of certain WFFs as AXIOMs. The difference between these and
ASSUMPTIONS is that the former are not mentioned explicitly as dependencies of any lines of the
derivation. Thus every proof checked by FOL tacitly depends on a set of AXIOMs.


Section 3.27 FOL derivations

As opposed to a tree, a deduction in FOL consists of a collection of AXIOMs and a linear sequence
of lines, each line representing either an ASSUMPTION or a DEDUCTION from the previous lines
(and axioms).


Section 3.28 SORTs

The addition of SORTs, and specification of a partial order over them, constitutes a major
extension of FOL from a computational point of view. Their meaning and use is discussed in
the sections on declarations and the quantifier rules.




Section 4 USING THE PROOF CHECKER


FOL is invoked at the Stanford AI Lab by typing R FOL to the monitor. A backup file is
automatically opened onto which input is saved; the name of this file may be altered by means
of the BACKUP command (vide infra). To save an entire core image type the command 'EXIT;'
and SAVE <filename>; to restart type RU <filename> and you will be where you left off.

The commands fall naturally into several classes:

1. Commands for defining the first-order language under consideration: that is to say,
commands for making declarations;

2. Commands for defining axioms;

3. Commands for making assumptions and applying the rules of inference to generate
new steps in a derivation;

4. Administrative commands, which do not alter the state of the derivations, but enable
various book-keeping functions to be carried out.


In this manual the syntax of FOL will be described using a modified form of the MLISP2 notion of pattern.
These form the basic constructs of the FOL parser.

1. Identifiers which appear in patterns are to be taken literally.

2. Patterns for syntactic types are surrounded by angle brackets. Thus <wff> is a WFF.

3. Patterns for repetitions are designated by:

REPn[ <pattern> ] means n or more repeated PATTERNs.

If a REPn has two arguments then the second argument is a pattern that acts as a separator. So
that REP1[ <wff> , ] means one or more WFFs separated by commas.

4. Alternatives appear as ALT[ <PATTERN1> | ... | <PATTERNn> ].

ALT[ <wff> | <term> ] means either a WFF or a TERM.

5. Optional things appear as OPT[ <pattern> ].

REP2[ <wff>,OPT[,]] means a sequence of two or more WFFs optionally separated by commas.
These conventions are combined with the comparatively standard Backus Normal form description.


Section 4.1 System Specification

The first step in specifying a first-order theory is the description of the language which is to be
used. This is done by defining the symbols of the language, using the declaration commands.
These commands specify which symbols are to be variables, constants and predicate or function
symbols.

Section 4.11 Declarations

As we mentioned above, one of the first things that a user of FOL must do is to define the FOL
language to be considered. Every identifier in a proof must be declared to have a SYNTYPE.
Only nine of these types can be declared by the user. They are:

1. SYNTYPE1

a) INDVAR (individual variables)

b) INDPAR (individual parameters)

c) INDCONST (individual constants)

d) SENTPAR (sentential parameters)

e) SENTCONST (sentential constants)

2. SYNTYPE2

a) PREDPAR (predicate parameters with one or more arguments)

b) PREDCONST (predicate constants)

c) OPPAR (operation parameters or function parameters)

d) OPCONST (operation constants or function constants)

Declarations are fixed within a proof and once made they cannot be changed.

DECLARE ALT[ REP1[ <simpldec>, OPT[,] ] | REP1[ <appldec>, OPT[,] ] ] ;

There are two kinds of SYNTYPEs: those of symbols which take arguments, SYNTYPE2s, and those
which do not, SYNTYPE1s.

<syntype1> := ALT[ <indsym> | <sentsym> ]

<syntype2> := ALT[ <predsym> | <opsym> ]

The idea of SORTs is to allow a user of FOL to restrict the ranges of functions to some
predetermined set. This corresponds to the usual practice of mathematicians of saying let f be a
function which maps integers into integers. In FOL a SORT is just a PREDCONST of ARITY 1, i.e.
a property of individuals. The effect of this informal restriction to integers is achieved in FOL
by

*****DECLARE PREDCONST INTEGER 1;

followed by

*****DECLARE OPCONST f(INTEGER,INTEGER)=INTEGER;


A PSEUDOSORT is an identifier which has not yet been declared but is assumed to be a PREDCONST
of ARITY 1 and is declared such because of the context in which it appears. If INTEGER had
not been separately declared, in its appearance in the second command it would have been
considered to be a PSEUDOSORT and declared accordingly. There is one special PSEUDOSORT, i.e.
the PREDCONST UNIVERSAL. This represents the most general SORT and is the default option
whenever SORT specifications are optional. In declarations it can also be abbreviated by ∀.
The MOSTGENERAL command, explained in the next section, can be used to change the name
of the MOSTGENERAL SORT.

<pseudosort> := ALT[ <identifier> | ∀ ]

Simple declarations

<simpldec> := <syntype1> <idlist> OPT[ ε <pseudosort> ]

Examples of simple declarations:

*****DECLARE INDVAR x y z;

*****DECLARE INDVAR a b c ε Set, A B C ε Class;


Application declarations

<appldec> := <syntype2> <idlist> <argdec> OPT[ [ <bpdec> ] ]
<argdec>  := ALT[ <argsort> | <natnum> ]
<argsort> := ALT[ : <sortrep> ALT[→|=] <pseudosort> |
                  ( <sortrep> ) ALT[→|=] <pseudosort> ]
<sortrep> := REP1[ <pseudosort> , OPT[ALT[⊗|,]] ]

<bpdec> := ALT[ <rbp> | <rbp> <lbp> | <lbp> <rbp> | INF | PRE ]
<rbp>   := R ← <natnum>
<lbp>   := L ← <natnum>

Examples of application declarations:

*****DECLARE OPCONST EXP(Int,Int)=Int [L←850 R←800];

The meaning of this declaration is that EXP is an OPCONST, it has two arguments (ARITY 2), both
of which are of SORT Int. It also has a value of SORT Int, and is to be used as an infix operator
with a right binding power of 800 and a left binding power of 850. This could also be declared
by

*****DECLARE OPCONST EXP:Int⊗Int→Int [L←850 R←800];

Simpler declarations can be made if you don't wish to specify so much information.

*****DECLARE OPCONST EXP:Int⊗Int→Int [INF];

declares EXP the same as above but uses the default infix bindings R←500, L←550.

*****DECLARE OPCONST EXP(Int,Int)=Int;

simply makes EXP an ordinary applicative function, so you must type EXP(a,b) rather than (a
EXP b). Further simplification can be made if less sort information is wanted.

*****DECLARE OPCONST EXP(Int,Int);

makes the value of EXP have the SORT UNIVERSAL (the MOSTGENERAL SORT), and

*****DECLARE OPCONST EXP 2;

just says it has ARITY 2. Of course

*****DECLARE OPCONST EXP 2 [INF];

*****DECLARE OPCONST EXP 2 [L←850 R←800];

have the obvious meaning. This section has illustrated most of the common ways of making
declarations. There are some other examples scattered throughout this manual.


Section 4.12 SORT manipulation

There are several commands which affect the SORT structure:


Section 4.121 NOSORT declaration

NOSORT ;

The NOSORT command turns off SORT checking. If any SORTs have already been declared, an
error message will be given.


Section 4.122 MOSTGENERAL, NUMSORT, SETSORT, SEXPRSORT

MOSTGENERAL <sort> ;

NUMSORT <sort> ;

SETSORT <sort> ;

SEXPRSORT <sort> ;

In FOL certain TERMs come with predeclared SORTs: numerals become INDCONSTs of SORT
NATNUM, comprehension terms, set terms and n-tuple terms have SORT SET, quote-terms have
SORT SEXPR, and the default MOSTGENERAL SORT is the PREDCONST UNIVERSAL. The effect of
the above commands is to replace these default SORTs with those specified by the user. For
example, in the case of Goedel-Bernays-von Neumann set theory, the MOSTGENERAL SORT is called
CLASS.


Section 4.123 MOREGENERAL declaration

MOREGENERAL <sort> ≥ { <sort_list> } ;

For example,

*****MOREGENERAL chesspiece ≥ {whitepiece,blackpiece};

is equivalent to the axioms

∀x. (whitepiece(x) ⊃ chesspiece(x))

∀x. (blackpiece(x) ⊃ chesspiece(x))

where chesspiece, whitepiece and blackpiece are understood to have been previously declared PREDCONSTs. Although these axioms do not appear explicitly, the quantifier rules behave as if they did (this is explained in detail in section 4.327). This establishes a partial order among the SORTs. Another typical example would be the declaration of classes to be MOREGENERAL than sets.


Section 4.124 EXTENSION declarations
EXTENSION <predconst> <ext_set> ;


<axl_t«l>  >•  <prlnax|>  REPO t RL T lb J H | /}  <prl«*«l>  ) 

<pri»#»l>  |«  BLT1  «»orl>  | I < Indconi  1 1 It  I > I ) 


where each of the SORTs in the <primext> already has an EXTENSION defined. For example,

*****DECLARE INDCONST BK ∈ BKINGS, WK ∈ WKINGS;
*****DECLARE PREDCONST KINGS 1;

*****EXTENSION BKINGS {BK};
Extension of BKINGS is {BK}
*****EXTENSION WKINGS {WK};
Extension of WKINGS is {WK}

*****EXTENSION KINGS WKINGS ∪ BKINGS;
Extension of KINGS is {WK BK}

The initial declaration declares BK to be of SORT BKINGS, and WK to be of SORT WKINGS. The command 'EXTENSION BKINGS {BK};' says that BK is the only object which satisfies the predicate BKINGS; similarly, the command 'EXTENSION KINGS WKINGS ∪ BKINGS;' says that the only objects which satisfy the predicate KINGS are those in the union of the extensions of BKINGS and WKINGS, i.e. BK and WK. This is equivalent to the introduction of the axioms:

∀x. (BKINGS(x) ≡ (x=BK))

∀x. (WKINGS(x) ≡ (x=WK))

∀x. (KINGS(x) ≡ ((x=BK ∨ x=WK) ∧ ¬(BK=WK)))

By itself, this command has no effect, but the semantic simplification mechanism (see Section 4.4) uses these axioms.


Section  4.13  Predeclared  Systems 
THEORY <sysname> ;

The  THEORY  command  may  be  used  to  call  up  several  pre-declared  systems.  If  no  THEORY 
command  is  given,  the  basic  FOL  system  is  generated,  i.e.  the  full  natural  deduction  system  for 
classical  logic  with  the  extended  inference  rules.  The  options  which  are  available  are 

<sysname> := ALT[ PRAWITZ | ZF | GBN | S4 | S5 | KBK | KBB ]

where PRAWITZ is the system described by (Prawitz 1965), i.e. without SORTs or any of the extended inference rules such as TAUT; ZF is Zermelo-Fraenkel set theory (as defined in Appendix 3); GBN is Goedel-Bernays-von Neumann set theory (as defined in Appendix 4); S4 and S5 are Lewis's classical systems of possibility and necessity (as defined in Appendix 5); and KBK and KBB are Hintikka's systems for Knowledge and Belief respectively (see Appendix 5).
Section 4.2 Axioms

Axioms are only briefly mentioned in the description of FOL. In the machine implemented version they play the same role as assumptions, but they do not appear in the dependency list of any step of a deduction, nor are they printed when you show the proof. Thus derivations are always relative to an unmentioned theory. When a theorem creating mechanism is available this will change. The syntax for defining an axiom is:

AXIOM <axiom> ;


where 

«*xlom»  :■  REP  1 1 i «*«'l«l>  i 1 

<«xlltl>  i.  PIT ( eu(lllll»  | PEP1  1 

This allows for a block structured way of naming sets of axioms, so they can be referred to either by some particular name, or as part of a group. Each WFF in WFFLIST is given a name by FOL. This name is generated by taking the AXNAM and concatenating an integer to it. For example if the AXNAM is GROUP then they will be given the names GROUP1, GROUP2, ... . These can then be used to refer to each axiom. An AXNAM is like a LINENUM and may be used in any context that requires a LINENUM. If WFFLIST only contains one WFF that axiom is called AXNAM.

NOTE: The syntax calls for multiple semicolons!


Examples: 


..•♦•Pxton  fii  6 


Ci 


vx.-x<x, 

VY.-IX<YaY < X)  I 1 
VU.UcUl  I 


This creates two axioms A and C. Axiom A contains two subaxioms B1=∀X.¬X<X and B2=∀Y.¬(X<Y∧Y<X). If you prefer to think of collections of axioms as theories, then the syntax allows arbitrary nesting of theories, each followed by a semicolon. At the moment no checking is done for the consistency of axiom names. You lose if you create conflicting ones. Axioms cannot be got rid of, so be careful. Numbers are not legitimate AXNAMs.

Using axioms as axiom schemas.

There are no special rules for axiom schemas, merely an extension of the use of the rules already given. Namely, an axiom schema is simply an axiom with a predicate parameter (PREDPAR) in it.

An axiom can be used anywhere a step can by using an AXREF. This is of the form AXNAM[PP1←XX1,...,PPn←XXn] and its syntax is described in the section on VLs. An AXREF can appear anywhere a VL can. In the form AXNAM[PP1←XX1,...,PPn←XXn] the PPi are predicate parameters (PREDPARs) appearing in the axiom, and the XXi are propositional functions assigned to these parameters. The assignments are done successively rather than simultaneously.

An XX is a WFF preceded by λ, any number of INDVARs and a . (period). Thus e.g. λx y z.<wff>. The ARITY, p, of the PREDPAR must be less than or equal to the number of variables following the λ. The indicated λ-conversion on the first p variables is done automatically. The error message "NOT ENOUGH LAMBDA VARIABLES" means p is too large. The remaining variables are treated as parameters of the entire axiom, and the instance of the axiom returned is the universal closure of the axiom with respect to these parameters.

The  :■  (SUBPART)  mechanism  (see  Appendix  2)  can  be  used  to  take  pieces  out  of  the  resulting 
formula  in  the  usual  way. 

Example  of  using  axiom  schemas: 

wornR  r 1, 

♦****tNDVRR  X; 

• INOUCTIDNi  M»> aVX.  <MX)>F (X*l ) sVX.F  (XI 1 1 
induct ioni  run  *vx.  trmjf  tx.iijvx.rm 
e»**tOECLRR£  INOV0R  « b| 

♦ ***»«t  INDUCTION (F»Xb 

1 v».  t (««e>« /-vx.  ((•«x)«(x««)9(*4(x<i)i«((x«i)«*))bvx.  (mxi.ix**)) 

♦♦♦♦♦a!  ’NDUCT  IDN  IFi-Xb.  Vt.  | 

2 Vi.  (a* B > • (0«a)  aVX , (V«.  U*XI.(X»«)bV».  U»(X*1>  >.  ( (X*l)  ♦»>  IsVX  a.  <*->XI«(X»«l 

INDUCTION (F »Xb  X.X*b.b*Xt| 

3 VX.  (X«8I • ( 0*X ) aVX 1 ((X«Xl)a(Xl*X)?(X«(Xl»l))al(Xl«l)«X) ) dVX 2 ( X * X 2 1 ■ (X2»X ) ) 
Section 4.3 The generation of new deduction steps

Note: when the variables A, B and C are mentioned in this section, they refer to the description of the basic Prawitz logic in section 3.

Section 4.31 Assumptions
ASSUME <wfflist> ;

The ASSUME command makes an assumption on a new line of the deduction for each WFF in WFFLIST. Note that the dependencies of a line appear in parentheses at the end of a line, and that assumptions depend upon themselves.

Examples:

*****ASSUME ∀x.x<x;

1 ∀x.x<x (1)

*****ASSUME ∀y.y<y, ¬∀y.y<y;

2 ∀y.y<y (2)

3 ¬∀y.y<y (3)

Section 4.32 Introduction and Elimination rules

The general form of a RULENAME is
<rulename> := <logconst> ALT[ I | E ]

where I stands for introduction and E for elimination. The format of a command is:

<rule_of_inference> := <rulename> <linenuminfo> ;

The LINENUMINFO is different for each rule. This is explained below. We will use • to stand for an arbitrary VL (see section 3.25). In the description of some of the rules it is necessary to distinguish among several VLs. In this case we write •1, •2. We will write

∧I •∧• ;

rather than

∧I <vl> ∧ <vl> ;

Alternative alphabetic RULENAMEs will be given in parentheses after the standard ones. These usually correspond to other frequently used names for these rules. Thus MP (modus ponens) or UG (universal generalization) can be used instead of ⊃E or ∀I.

All commas in these rules are optional. This will not be mentioned explicitly in the following sections. Thus a , appearing in a rule specification is to be thought of as OPT[,].
Section 4.321 AND (∧) rules
Introduction rule

∧I(AI) (•∧•)∧• ;

The LINENUMINFO for ∧I is any parenthesized conjunctive expression in which all conjuncts are VLs. If no parentheses appear (even in a subexpression) association is to the right, thus •∧(•∧•∧•)∧• means •∧((•∧(•∧•))∧•). AND is always a binary connective. The "&" and are alternatives to the "∧" symbol. The dependencies of a line are those LINENUMs mentioned.

Elimination rule

∧E(AE) • OPT[ ALT[ , | : ] ] ALT[ 1 | 2 | <subpart> ] ;

1 picks out the first conjunct, 2 picks out the second conjunct and SUBPART picks the appropriate subpart. For the definition of SUBPART see Appendix 2. The dependencies of the result are the same as those of •. The first command in the example could have also been written "∧E 4 1;" or "∧E 4:1;" or "∧E 4:#1;".

•♦♦♦♦'E  4 , 1 1 

5 (V«.CHu(»)AV..-(»(f1T)) 

•♦•••BE  t i 1112 \ 

6 

• ♦•♦♦BE  4t#l#t#h 

Th»  Min  *yi»bol  «t  Vk.CItOftxt  It  no)  on  n 

♦**♦•*£  4 i #3 j 

In  )ho  <iubp»rl>  i #3  , 3 I ■ too  Itrqt 
Section 4.322 OR (∨) rules

Introduction rule

∨I(OI) (•∨<wff>∨<wff>) ;

ORs may be parenthesized just like ANDs, but at least one disjunct must be a VL. Any VLs given will cause the dependencies of that line to be included in those of the conclusion. As with AND, association is to the right and OR is binary.

Elimination rule

∨E(OE) • , •1 , •2 ;

• is the VL on which a disjunction A∨B appears. •1 and •2 are both VLs such that •1: and •2: are both equal to the WFF C. The conclusion of this rule is the WFF C. The dependencies of the conclusion are those of • along with those of •1 which are not equal to A and those of •2 not equal to B. Remember two WFFs are equal if they differ only by a change of bound variable. In the example two different commands are given. Note how the dependencies are treated in each case.


«•<  rflSSUME  li  v3i  | 

9 »<  »v-Vy.y<  y (9) 

Iv3:j0t  ?iv3| 

10  Vk . »<  »v-Vy , y< y (II 

• «** 

11  Vy.y<yv-Vy.y<y  (31 
*»»«»vE  9, 10, il| 

1?  V*.*«»vVy.y(y  (91 

«<«ttvE  8, 10, Uj 

13  Vk.  k<  »v-Vy,y<  y (3) 
•m**vE  9 , li,  ia i 

14  Vk  , hi  x v-.Vy  , y<  y 


(1  3 91 
Section 4.323 IMPLIES (⊃) rules
Introduction rule

⊃I(DED) ALT[ • | <wff> ] ⊃ • ;

The difference between •⊃• and <wff>⊃• is that in the former case dependencies of the conclusion which are equal to the hypothesis are deleted. A comma is an alternative to the "⊃" symbol. In other styles of presenting first order logic this rule is called the deduction theorem.

»<*4#d1  tali 

15  V* , hi  oVw . *<  x 
ti**:0E0  loli 

16  V«.k«»jV».»i  < (1) 

•«*•*  5l  2, 1 i 

W Vy  yiipV».»(« 


Elimination rule
⊃E(MP) • , • ;

The order in which the arguments are specified is irrelevant. This is the classical rule modus ponens. The dependencies of the conclusion are the union of the dependencies of both VLs.


oE  1 , 1 7 1 


18  V«.*( . 


(II 
Section 4.324 FALSE (FALSE) rules

Introduction rule
FI •1 , •2 ;

If •1 is of the form A, then •2 must be of the form ¬A (or the other way around). The conclusion is just the WFF "FALSE". Its dependencies are the union of those of •1 and •2.

*****FI 1,3;
19 FALSE (1 3)

Elimination rule

FE • , ALT[ •1 | <wff> ] ;

• must be the WFF "FALSE". A new line is created with either •1: or the WFF specified by the alternative. This rule says that anything follows from a contradiction. The dependencies (there had better be some) are just those of •.


ro  — < » « rt  t ) 


(I  3) 
Section 4.325 NOT (¬) rules
Introduction rule

¬I(NI) • , ALT[ •1 | <wff> ] ;

• must be the WFF "FALSE". The conclusion of the rule is the negation of •1: or the WFF. The dependencies of the conclusion are those of • minus the ones equal to •1: or WFF.


*<♦<♦-(  19, 3j 


.'I  — Vy.y.y  (II 


m»<<dco  i>:ii 

72  V«.  «<  o--Vy . y<  y 


Elimination rule

¬E(NE) • , ALT[ •1 | <wff> ] ;

• must be the WFF "FALSE". •1 or WFF must have the form ¬A. The conclusion is A. The dependencies are those of •, minus any equal to ¬A. If this rule is omitted (or simply not used) and only the introduction and elimination rules are used the proof is intuitionistically valid.

•rf.fnssunt  -3;  i 
:3  —Vy.yy  C3I 
ett.-rt  ;3,3| 
r*  false  (3  ?3I 
24 , 3 j 

:S  Vy.yiy  1231 
n.oDEO  23a2Sj 

16  ■— Vy.yiy  sVy.yiy 
Section 4.326 EQUIVALENCE (≡) rules

Introduction rule
≡I(EI) •1 , •2 ;

Either •1 is of the form A⊃B and •2 is of the form B⊃A or vice versa. The conclusion is A≡B. The dependencies are the union of the dependencies of •1 and •2.

<'»♦*■!  r6.?:i 

27  --Vy.yiyiV'j 

Elimination rule

■E (EE)  • . ALT  I ALT (oil)  I ALT [c 12]  ) ; 

If • is of the form A≡B then the first alternative produces A⊃B, the second B⊃A. The dependencies are those of •.

t :? 


*8  Vy.yi  y?-»-Vy  .q*  14 
Section 4.327 QUANTIFICATION rules

This is an example of a proof using all the quantification rules.

*****DECLARE INDVAR x y; DECLARE INDPAR a b; DECLARE PREDPAR P
*****ASSUME ∀x.∃y.P(x,y)∧∀x y.(P(x,y)⊃P(y,x));

1 ∀x.∃y.P(x,y)∧∀x y.(P(x,y)⊃P(y,x)) (1)

*****∧E 1 1;

2 ∀x.∃y.P(x,y) (1)

*****∧E 1 2;

3 ∀x y.(P(x,y)⊃P(y,x)) (1)

*****∀E 2 a;

4 ∃y.P(a,y) (1)

*****∀E 3 a b;

5 P(a,b)⊃P(b,a) (1)

*****∃E 4 b;

6 P(a,b) (6)

*****⊃E 5,6;

7 P(b,a) (1 6)

*****∧I 6 7;

8 P(a,b)∧P(b,a) (1 6)

*****∃I 8 b←y;

9 ∃y.(P(a,y)∧P(y,a)) (1)

*****∀I 9 a←x;

10 ∀x.∃y.(P(x,y)∧P(y,x)) (1)

*****⊃I 1⊃10;

11 (∀x.∃y.P(x,y)∧∀x y.(P(x,y)⊃P(y,x)))⊃∀x.∃y.(P(x,y)∧P(y,x))

Section 4.3271 UNIVERSAL QUANTIFICATION (∀) rules
Introduction rule


VMUGI  . . RFC.  I DPI  1ALIE<  indva,  > l<  indpao]  . J <inllvar>  . 0PT(J)  . 

- - 

fo' a"  - — * ■ * : 

■nZirjx <*  *•«<  « «*» 

be  generalized,  as  it  is  an  INDPAR.  was  changed  to  an  V.  V cannot 

Elimination  rule 

VE(US)  ■ , <termlif,  t>  < 

“ '^r:::;rr  •; r i--»«  - 

instantiated  a bound  variable  chance  is  made  and  tbe-i  ti «.  t . rPC  f°r  * ,f  v,1r',lb,r  ,n  be 

created  Is  declaied  to  be  an  INDVAR  of  the  correct  SORT.  ' $"  * l,U'l0n  14  Mli,'lr-  Tl,p  variable 


Lines 4 and 5 of the example were created by this rule.

Section 4.3272 EXISTENTIAL QUANTIFICATION (∃) rules
Introduction rule


3 1 (EG ) • , RFP1  I0P1  I-  lorm>  «- ] < i rvlv.ir > OPT  I<occ  I i rs I >) , OPT  ( , ] ] • 

The list following • tells which TERMs are to be generalized. If the optional <term> is present it is first replaced by <indvar> at each occurrence mentioned in the <occlist>. The WFF on • is then generalized and the next thing in the list is considered. Notice that no use can be made of an <occlist> if there is no TERM present. The machine will ignore such a list in this case. The dependencies of the conclusion are just those of •.

<occlist> := OCC <ordernatnumlist>

The <ordernatnumlist> is a list of natural numbers in increasing order.

In the example existential introduction is done on line 9 of the proof. This is the most interesting line of this example. You will note that the dependencies of this are not as described above because of the previous existential elimination. This is explained below.

- c ♦ f ;0tCL ORE  rstOCONST  f i ( TOUT  M.tv-H,), 


* ' ? • 

* ♦ * 

*7  r (<) v-F (») 

31  PCC  2 1 

;s  3y.  (F(*).-r(y)) 
*****  VI  2*8, 

T9  V*.3y.  (F  (y)  v-F(yl) 


Elimination rule


3EIESI  ■ . FtFI’l  IAI.lt  <indv.ar>  I «-indpar>  J.OPTIJ)  • 

The implementation of this rule is the most radically different from the formal statement given above. This rule corresponds in informal reasoning to the following kind of argument. Suppose we have shown that something exists with some particular property, e.g. ∃y.P(a,y), then we say call this thing b. This is like saying ASSUME P(a,b). Then we can reason about b. As soon as we have a sentence, however, that no longer mentions b, it is a theorem which does not depend on what we called "y" but only on the dependencies of the existential statement we started with. Thus we can eliminate P(a,b) from the assumptions of this theorem and replace them with those of the assumptions of ∃y.P(a,y).

The machine implementation thus makes the correct assumption for you, remembers it and automatically removes it at the first legitimate opportunity. Several eliminations can be done at once.

In the example an existential elimination was done creating step 6. This line actually has as its REASON that it was ASSUMEd. Line 8 thus depends on it. When the existential generalization was done on the next line, b no longer appeared and so line 6 was removed from the dependencies of line 9. A user should try to convince himself that this is equivalent to the rule stated at the beginning of this manual.
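The dependency bookkeeping described above, including the automatic removal of the ∃E assumption, can be modelled compactly. This is an added example, not FOL's code: the tuple representation of formulas, the class and the method names are assumptions, and WFF equality is plain structural equality rather than equality up to a change of bound variable. It replays the proof of Section 4.327 and reproduces its dependency lists.

```python
# Added example, not FOL's code: dependency bookkeeping over tuple formulas (assumed form).
CONNECTIVES = {"and", "imp", "all", "ex"}

def subst(f, old, new):
    """Replace free occurrences of the name old by new (new assumed capture-free)."""
    if f[0] in ("all", "ex"):
        return f if f[1] == old else (f[0], f[1], subst(f[2], old, new))
    if f[0] in CONNECTIVES:
        return (f[0],) + tuple(subst(g, old, new) for g in f[1:])
    return (f[0],) + tuple(new if t == old else t for t in f[1:])

def free_names(f):
    """Names occurring free in a formula."""
    if f[0] in ("all", "ex"):
        return free_names(f[2]) - {f[1]}
    if f[0] in CONNECTIVES:
        return set().union(*(free_names(g) for g in f[1:]))
    return set(f[1:])

class Proof:
    def __init__(self):
        self.lines = {}    # line number -> (formula, frozenset of dependencies)
        self.pending = {}  # line made by ex_e -> (parameter, deps of the ∃ line)

    def wff(self, n):
        return self.lines[n][0]
    def deps(self, n):
        return self.lines[n][1]

    def _add(self, f, deps):
        deps = set(deps)
        for d in sorted(deps & set(self.pending)):
            param, source_deps = self.pending[d]
            others = deps - {d}
            # Discharge once the parameter is gone from the conclusion and its other assumptions.
            if param not in free_names(f) and not any(
                    param in free_names(self.wff(o)) for o in others):
                deps = others | source_deps
        self.lines[len(self.lines) + 1] = (f, frozenset(deps))
        return len(self.lines)

    def assume(self, f):
        n = len(self.lines) + 1
        self.lines[n] = (f, frozenset({n}))
        return n

    def and_e(self, n, which):          # which is 1 or 2
        return self._add(self.wff(n)[which], self.deps(n))

    def and_i(self, a, b):
        return self._add(("and", self.wff(a), self.wff(b)), self.deps(a) | self.deps(b))

    def imp_e(self, a, b):              # argument order is irrelevant
        for i, h in ((a, b), (b, a)):
            if self.wff(i)[0] == "imp" and self.wff(i)[1] == self.wff(h):
                return self._add(self.wff(i)[2], self.deps(a) | self.deps(b))
        raise ValueError("no implication/hypothesis pair")

    def imp_i(self, hyp, concl):        # drop dependencies equal to the hypothesis
        kept = {d for d in self.deps(concl) if self.wff(d) != self.wff(hyp)}
        return self._add(("imp", self.wff(hyp), self.wff(concl)), kept)

    def all_e(self, n, *terms):
        f = self.wff(n)
        for t in terms:
            assert f[0] == "all"
            f = subst(f[2], f[1], t)
        return self._add(f, self.deps(n))

    def all_i(self, n, param, var):
        if any(param in free_names(self.wff(d)) for d in self.deps(n)):
            raise ValueError("parameter occurs in an assumption")
        return self._add(("all", var, subst(self.wff(n), param, var)), self.deps(n))

    def ex_i(self, n, term, var):
        return self._add(("ex", var, subst(self.wff(n), term, var)), self.deps(n))

    def ex_e(self, n, param):
        f = self.wff(n)
        assert f[0] == "ex"
        if any(param in free_names(self.wff(d)) for d in self.deps(n)):
            raise ValueError("parameter is not new")
        new = self.assume(subst(f[2], f[1], param))   # behaves like ASSUME
        self.pending[new] = (param, self.deps(n))
        return new

def section_4_327_proof():
    """Replay the eleven-line proof of Section 4.327 and return the Proof."""
    P = lambda s, t: ("P", s, t)
    p = Proof()
    p.assume(("and", ("all", "x", ("ex", "y", P("x", "y"))),
              ("all", "x", ("all", "y", ("imp", P("x", "y"), P("y", "x"))))))
    steps = [("and_e", 1, 1), ("and_e", 1, 2), ("all_e", 2, "a"),
             ("all_e", 3, "a", "b"), ("ex_e", 4, "b"), ("imp_e", 5, 6),
             ("and_i", 6, 7), ("ex_i", 8, "b", "y"), ("all_i", 9, "a", "x"),
             ("imp_i", 1, 10)]
    for rule, *args in steps:
        getattr(p, rule)(*args)
    return p
```

Lines 7 and 8 of the replayed proof still carry dependency 6; it disappears at line 9, the first line in which b no longer occurs.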
Section 4.3273 Quantifier rules with SORTs

The following table describes the effect of the quantifier rules in the presence of SORT and MOREGENERAL declarations, such that p is of SORT P, q is of SORT Q and r is of SORT R, and R is MOREGENERAL than Q and Q is MOREGENERAL than P.

Rule   Premise    Result for p     Result for q   Result for r
∀E     ∀q.A(q)    A(p)             A(q)           Q(r)⊃A(r)
∀I     A(q)       ∀p.A(p)          ∀q.A(q)        error
∃E     ∃q.A(q)    error            A(q)           A(r)
∃I     A(q)       P(q)⊃∃p.A(p)     ∃q.A(q)        ∃r.A(r)

As  an  example,  it  is  possible  that  you  might  try  to  instantiate  a variable  to  a term  whose  SORT  is 
MOREGENERAL  than  the  quantified  variable.  In  this  case  the  result  of  the  specialization  is  to 
create  an  implication  asserting  that  if  the  term  were  of  the  proper  SORT  then  the  specialization 
holds.  If  the  variable  is  MOREGENERAL  than  the  term  then  the  usual  WFF  is  returned. 
Section 4.33 TAUT and TAUTEQ

TAUTOLOGY rule

TAUT <wff> , <vllist> ;

This rule decides if the WFF follows as a tautological consequence of the WFFs mentioned in the VLLIST (the notion of VLLIST is defined in Appendix 2). In this case WFF is concluded and its dependencies are the union of the dependencies of each WFF in the VLLIST. We think this algorithm is fairly efficient and thus should be used whenever possible.

TAUTEQ rule

TAUTEQ implements a decision procedure for the theory of equality and n-ary predicates, n≥0. Its syntax is the same as the TAUT rule:

TAUTEQ <wff> , <vllist> ;

This rule decides if WFF follows from the WFFs mentioned in VLLIST in the above-mentioned theory. Thus, anything that can be proven by TAUT can also be proven by TAUTEQ but TAUTEQ runs more slowly than the TAUT rule.


M»f-OCCLflRE  rurOCONS!  P 1 Q 1| 

K ♦({DECLARE  0PC0NST  I l| 

♦♦♦♦(DECLARE  INOVflR  * b| 

♦♦♦< ♦TAUTEQ  <»b3 (P  (*)iP (b) ) | 

1 (P  (* ) iP  (h ) ) 

♦♦♦♦♦TAUT  *>b3(P(«liP(b))| 

10UGH  tucr 

•(♦■(TAUTEO  a.bsl  (4l.t(b)| 

TOUGH  IUCI 

The formula a=b⊃(P(a)≡P(b)) cannot be proven propositionally: TAUT would simply rename (a=b) to a new PREDPAR with ARITY 0, say P1, P(a) to P2, and P(b) to P3, giving P1⊃(P2≡P3). The formula (a=b)⊃f(a)=f(b) cannot be proven by TAUTEQ, since TAUTEQ does not know about the arguments of functions.

Section 4.34 The UNIFY Command
UNIFY <wff> • ;

This command tries to establish whether the WFF is a consequence he VL are

This rule of inference is best described by first presenting some examples:

M'tenssunc  VX . P (XI I 
i vx . p <x ) 

♦ •♦nUNirv  Pd ion  i| 

? P(KOI) 

< •*(  :uiirr  ji.pki  i, 

3 3*.P(«) 


In step 2, the UNIFY mechanism recognised that P, applied to any TERM, followed from ∀X.P(X). More aggressively, on line 3, it recognised that ∀X.P(X) implies that ∃X.P(X). These are two simple cases of the use of this command. A more complicated example is:

fffcossunt  3*.vy.  <P(X) v02 ( x . V) ) , 

i 3K.vr.  (Poo.o.’d.ru  u) 

♦ Mtdjniry  ]u.p (ui «3u. vz.02 (U.zi  i, 

: 3u.p(ui.3u.v:.o?(u,zi  til 


Notice that, in both of the examples above, the propositional structure of WFF was the same as that of the VL. This rule is designed to handle exactly this case: namely, it is designed to handle the quantifier manipulations involved in implications between WFFs with similar propositional forms.

Section 4.35 SUBSTITUTION rule

SUBST •1 IN •2 OPT[ OCC <ordernatnumlist> ] ;

If the major connective in •1 is = or ≡ then (making allowances for bound variable changes) the occurrences of the left hand side of •1 which appear in •2 will be replaced by the right hand side of •1. If an occurrence list appears only those listed will get substituted.

SUBSTR •1 IN •2 OPT[ OCC <ordernatnumlist> ] ;

does the same as SUBST but substitutes the left hand side of •1 for the right hand side of •1 in •2.

Ordinarily, f(x) cannot be substituted for y in ∀x.F(x,y) as the x in f(x) would then become bound, i.e. f(x) is not free for y in ∀x.F(x,y). FOL automatically handles this conflict of bound variables in a substitution; those occurrences of a bound variable which will cause a conflict are changed. Thus if one tries to substitute f(x) for y in ∀x.F(x,y) the generated substitution instance will be ∀x1.F(x1,f(x)). Here the newly created variable will have the same SORT as x if SORTs are being used.

The 'new' variable is created by considering the 'old' variable to have two parts: a prefix which is the identifier up to and including its last alphanumeric character, and an index, either empty or a positive integer. The new variable which is generated will have the same prefix, and an incremented index. For this purpose, an empty index is considered to be '0'.
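The renaming scheme above, shown next to the naive substitution it guards against. This is an added example, not FOL's code: the tuple representation is an assumption, and so is taking the index to be the trailing run of digits of the identifier.

```python
import re

# Added example (not FOL's code). Variables are strings, f(x) is ("f", "x"),
# formulas are tuples such as ("all", "x", ("F", "x", "y")) -- assumed representation.
QUANT = {"all", "ex"}
CONN = {"and", "or", "imp", "not"}

def next_variable(name):
    """Same prefix, index incremented; an empty index counts as 0 (x -> x1 -> x2)."""
    prefix, index = re.fullmatch(r"(.*?)(\d*)", name).groups()
    return f"{prefix}{int(index or 0) + 1}"

def term_vars(t):
    """Variables occurring in a term."""
    if isinstance(t, str):
        return {t}
    return set().union(*(term_vars(a) for a in t[1:]))

def free_vars(f):
    """Variables occurring free in a formula."""
    if f[0] in QUANT:
        return free_vars(f[2]) - {f[1]}
    if f[0] in CONN:
        return set().union(*(free_vars(g) for g in f[1:]))
    return set().union(*(term_vars(t) for t in f[1:]))

def subst_term(t, var, new):
    if isinstance(t, str):
        return new if t == var else t
    return (t[0],) + tuple(subst_term(a, var, new) for a in t[1:])

def subst(f, var, new, rename=True):
    """Substitute the term new for free var in f.

    rename=False is the naive version, which lets a quantifier capture
    variables of new; rename=True changes the conflicting bound variable first.
    """
    if f[0] in QUANT:
        bound, body = f[1], f[2]
        if bound == var:
            return f                       # var is not free below this binder
        if rename and bound in term_vars(new) and var in free_vars(body):
            fresh = next_variable(bound)
            while fresh in free_vars(body) | term_vars(new):
                fresh = next_variable(fresh)
            body, bound = subst(body, bound, fresh), fresh
        return (f[0], bound, subst(body, var, new, rename))
    if f[0] in CONN:
        return (f[0],) + tuple(subst(g, var, new, rename) for g in f[1:])
    return (f[0],) + tuple(subst_term(t, var, new) for t in f[1:])

MANUAL_CASE = ("all", "x", ("F", "x", "y"))   # ∀x.F(x,y), the formula used in the text
```

With `rename=False` the result for the manual's case is ∀x.F(x,f(x)), in which the x of f(x) has been captured; that is the unsound instance the renaming prevents.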


FOL  Manual 




Section  4.4  Semantic  Attachment  and  Simplification 


FOL is concerned with checking theorems in a first order language, which the user specifies by making declarations. This language is then a structure L=<P,F,C>, where P is a set of predicate symbols, F a set of function symbols, and C a set of constant symbols. A model of L is a structure M=<D,P',F',C'> with D a non empty set, P' a set of n-ary predicates on D, F' a set of functions mapping D^n into D, and C' a subset of D. An interpretation of L in M is a map which specifies which symbols in P correspond to which predicates in M, similarly for F and C. The implementation of semantic attachment has two aspects:

(a) the attachment mechanism which allows the user to specify the objects in the model which correspond to symbols in the language and vice versa, and

(b) the simplifier which tries to compute, in the model, the values of FOL expressions, i.e. it uses the notion of satisfiability.

For example, we might associate with function symbols the corresponding LISP functions. The OPCONST '+' might be semantically attached to the LISP function PLUS, and the INDCONSTs '1' and '2' (i.e. the numerals) attached to the numbers 1 and 2, so that an evaluation of '1+2' in the model would give the number 3 as an answer - the simplifier would then return the INDCONST '3'.

Note carefully that the map from L into M and that from M back to L may be partial, i.e. there may be symbols in L which have no defined interpretation in M, and the process of simplification with respect to M may generate objects in M which have no canonical symbol in L. The FOL simplifier simplifies sentences to the maximal possible extent, using the results of computation within the model, as well as any relevant information about the EXTENSION and SORT structures which the user has defined on L.


FOL  allows  the  assignment  of  arbitrary  LISP  functions  or  lambda-expressions  as  the 
interpretations  of  predicate  and  function  symbols. 
Section 4.41 The ATTACH command

ATTACH OPT[*] ALT[ <predconst> | <opconst> | <indconst> ] <s_expr> ;

<s_expr>     := ALT[ <atom> | ( <s_exprlist> OPT[<dotend>] ) ]
<s_exprlist> := REP1[ <s_expr> ]
<dotend>     := . <s_expr>
<atom>       := ALT[ <identifier> | <natnum> ]

This command allows for the definition of the maps from the FOL language that the user has defined into the LISP environment which he wishes to take as the model of his language (and vice versa if the ATTACH* option is taken).

PREDCONSTs and OPCONSTs may be attached either to atoms which are the names of already defined LISP functions (i.e. ones which have a SUBR, EXPR or MACRO property, including of course all the standard ILISP functions) or legal LISP function, lambda-expression or macro definitions. The attachment mechanism checks that the functions (except SUBRs) being attached have the correct number of arguments corresponding to the ARITY of the PREDCONST or OPCONST to which the attachment is being made. INDCONSTs may be attached to any S-expression.

*****DECLARE INDCONST ZERO, ONE ∈ INTEGER;
*****DECLARE OPCONST +(INTEGER,INTEGER)=INTEGER [INF];
*****ATTACH ZERO 0;

ZERO attached to 0

*****ATTACH ONE 1;

ONE attached to 1

*****DECLARE OPCONST CAR CDR(LIST)=LIST;

*****DECLARE OPCONST CONS(SEXPR,SEXPR)=SEXPR;
*****ATTACH CAR CAR;
*****ATTACH CONS CONS;

*****DECLARE INDVAR A B ∈ SEXPR;
Section 4.42 The SIMPLIFY command
SIMPLIFY ALT[ <wff> | <vl> | <term> ] ;

This command effects the simplification of an FOL sentence by computing within the model, i.e. the simplification mechanism attempts to find, in the model, objects (LISP S-expressions) which correspond to syntactic symbols in the sentence. If any are found, they are EVALuated in the normal way. The simplifier then attempts to find a term in the language which corresponds to this evaluated entity. In the case of VLs and TERMs, the original expression is returned, together with its maximally simplified form; if a term exists in the language for the simplification, then that forms the right hand of the equality. (The simplifier is aware that NATNUMs and LISP numbers correspond to each other.) In the case of WFFs, additionally, if the result of simplification is a truth-value, the WFF or its negation is returned, whichever is appropriate. The simplification is carried out to the maximal extent.

If a LISP error is encountered during simplification, an error message is given.

In the model defined by the attachments made above, the following occurs:

vf-'Sirrurv  ;ren  4 one t 
n porcine  . i 

t:»;'3tnn  irv  cor  mo  b<i 
corc  to  p 1 1 »o 

In addition, the simplification mechanism takes into account any information that is available about the SORT and EXTENSION declarations that have been made. For example, remembering the example on extensions given in section 4.124:

*****DECLARE INDCONST BK ∈ BKINGS, WK ∈ WKINGS;
*****DECLARE PREDCONST KINGS 1;

*****EXTENSION BKINGS {BK};
Extension of BKINGS is {BK}

*****EXTENSION WKINGS {WK};
Extension of WKINGS is {WK}
*****EXTENSION KINGS WKINGS ∪ BKINGS;
Extension of KINGS is {WK BK}
*****SIMPLIFY WK=BK;

¬(WK=BK)

Section 4.43 Auxiliary FUNCTION definition
FUNCTION <function_s_expr> ;

This allows the definition of <function_s_expr> as an auxiliary LISP function. If the function definition is a legal <s_expr> which is not a legal LISP function definition of the DE or DEFPROP sort, an error message will be given.

Section 4.5 Administrative Commands

These commands manipulate the proof checker but do not directly alter the current deduction.


Section 4.51 The LABEL command

LABEL ALT[ <ident> | <ident> -> <linenum> ] ;

In the first case the next line the proof checker generates will get the label IDENT. In the second
the LINENUM mentioned will become labeled by IDENT. Labels are alternatives to VLs and can be
used in any place that the syntax expects them.


Section 4.52 File Handling commands


Section 4.521 The FETCH command

FETCH <filename> OPT[ FROM <mark1> ] OPT[ TO <mark2> ] ;

The FETCH command reads the file <filename>, and executes any FOL commands in this file.
FOL accepts standard Stanford file designators. If mark specifications are present, the file is
only read within the limits which they specify. The default FROM/TO are the beginning and
the end, respectively, of the file. The commands read during a fetch are not printed in the
backup file. FETCHes may be nested to a depth of 10.

Section 4.522 The MARK command
MARK <token> ;

This command has no effect on the proof, but simply places a mark in the file which the
FETCH command can use to delimit reading of the file.


Section 4.523 The BACKUP command
BACKUP <filename> ;

When FOL is initialized, a file called BACKUP.TMP is automatically created. All console input
from the user is saved on this file. This command closes the current backup file, and opens a
new one with the specified file name.
Section 4.524 The CLOSE command
CLOSE ;

This closes and reopens the backup file. Normally the backup file is written every five steps in
the proof, but this command enables the user to save the state of his deduction at any point.


Section 4.525 The COMMENT command
COMMENT <delimiter> <text> <delimiter>

When typed at the top-level, this inserts any text between the delimiters into the backup file; if it
appears in a FETCHed file, the text is ignored. Of course, the delimiter must appear nowhere else.


Section 4.53 The CANCEL command


CANCEL OPT[ <linenum> ] ;


This cancels all steps of a deduction with LINENUMs greater than or equal to LINENUM. Thus you
can remove unwanted steps from a deduction provided they are all at the end of the PROOF. If no
LINENUM is specified, only the last line is cancelled.


Section 4.54 The SHOW command


The SHOW command is used to display information generated by FOL. The intent of the
present command is to allow you to display information about a derivation at the console and
save it on a file. The integer after the FILENAME becomes the linelength while this command is


SHOW <showtype> OPT[ <filename> OPT[ <integer> ]] ;

<showtype> := ALT[ PROOF OPT[ <rangelist> ] |
                   STEPS OPT[ <rangelist> ] |
                   AXIOM OPT[ <«xnpall«l> ] |
                   DECLARATIONS OPT[ <declinfo> ] |
                   GENERALITY OPT[ <geninfo> ] |
                   LABELS OPT[ <labelinfo> ] ]


<r*nqil  l • t > i.  RCT1  (<rAnq«tp«c>,OPT (, J J 

«r*nq*ip»c»  i.  PL T t 0PT(  <lln«nun>  1 i OPT!  <llninua>  J 

<d»elnlo>  ■■  REP  1 C RL T C <iyntyi)»>  OPT ( ( <(orl>]  | 


| <lln«nua>  ) 


<qtn I n lo> 

< lib* I lnlo> 


<ioiiyn>  | 

SORTS  J OPT  C,  J J 

• • BEPK  <torl>,  OPT t, J J 

'■  ALT!  <l«b(l>  | <r«nqnptc>  ) , OPTfJ  I 
RANGFSPFC  may  lie  of  the  form  23  nr  23:tiri  or  :65  nr  3-1:  or  rvni  : In  nir.iniiiq  is  rillin  i sm^lr
LINFNUM  or  a r n 1 1 tf e of  I INI  NUMs.  If  a number  siands  alone  it  simply  means  ihjs  n in 1 1 li<-i  If 

there  are  two  Iirrs  srparateil  by  a colon,  the  rattle  is  from  the  fiisi  in  the  <.mt  If 

numbers  do  not  appeal  on  either  side  of  the  colon  then  the  default  of  ()  ...  i|,e  |.,M  |M(r  , «. 
assumed.  An  f'Olr,YM  is  any  (lei  laird  identifier  and  show  ic  ttiriis  its  r.m;i  n< if  jr  i and  show 
returns  appropriate  syntactic  iufoi  mat  inn. 

Examples  are: 

♦cc-'SHOU  ppnor  I , : ri , 1 6 : fOO.  C.E  T ,RUU) 


this writes lines 1, 2 to 5, 16 to the last line of the proof onto the file FOO.BAZ[SET,RWW] with
a linelength of 22.

*****SHOW PROOF ;

displays the proof on the console.

The next example, taken from an actual test file, shows the kind of syntactic information
displayed by a "show declarations" command.

cit'cSHOU  OEClPPOttONS  ENPTY  » ♦ < c#>-ry  fronl  binpr yp  Ins . 

EPP1Y  it  INOCON  it  ol  tori  BYTES 
. ii  INOVflR  ol  «or1  INTEGER 
. i*  0PC0N51 

III*  iloiMin  II  IN  If  CEP  • INTEGER,  »•><!  Hi*  . *m|«  > I INIEf.l  » II  . i.'.n  n.i.pni 
: n PPECCONST 

Tl-.  domain  ii  INIEGER  ■ INTEGERILO'O  p.  300] 
carry  it  PPCCN'T 

Th»  Pomp  In  II  (lifts  • BYTES,  »nd  lln*  ,|  (IVIES 

Won  I i|  0PC0N3T 

lli«  dona  i n l|  BYTE  S,  and  lh«  ranql  it  BYTE  S (5»-  OSOJ 
No  declaration  lor  hinaryplui 
*****SHOW DECLARATION SORTS;

shows all the PREDCONSTs of ARITY 1 (i.e. all of the SORTs).

SHOW commands do the obvious thing in conjunction with the display features turned on by
DISPLAY.
Section 4.55 The DISPLAY command
DISPLAY OPT[ <displaytype> ] ;

<displaytype> := ALT[ PROOF |
                      STEPS |
                      AXIOM |
                      ATTACHMENTS |
                      DECLARATIONS |
                      LABELS |
                      STATUS ]

FOL may take advantage of the display features of the Stanford DataDisc system by means of
this command.

For example:

*****DISPLAY ;

creates a display window of full-screen width, into which the steps of the proof are displayed as
the derivation continues. The page-printer is restricted to the bottom eight lines of the screen. If
the argument is non-null then the 'proof' window is restricted to half-screen width, and a second
window, appropriately labelled, occupies the other half of the screen, e.g.

*****DISPLAY AXIOMS ;

causes an 'axiom' window to be opened, and all axioms are printed to that window, rather than
to the 'proof' window or the page-printer.

Whatever the current state of the display, 'DISPLAY <null>' causes the 'proof' window to be
regenerated, together with the last five lines of the proof, if any. Any other windows which may
be present are flushed. This method is slow and cannot be used from teletypes, but provides a
much more convenient way of displaying the steps of the proofs and other information.

*****UNDISPLAY ;

restores the screen to normal teletype mode.


Section 4.56 The EXIT command
EXIT ;


This command returns the user to the monitor in a state appropriate for saving his core-image.
Section 4.58 The SPOOL command
SPOOL <filename> ; XSPOOL <filename> ;

These cause the <filename> to be spooled on the appropriate device (LPT or XGP).

Section 4.58 The TTY command
TTY ;

This resets the printing routines so that they are teletype rather than display oriented. In this
mode, the logical connectives are represented by NOT, OR, & or AND, → or IMP, ↔ or EQUIV,
FORALL, EXISTS.
Appendix 1

FORMAL DESCRIPTION OF FOL


The non-descriptive symbols of FOL divide into SYNTYPEs as follows:

1. Individual variables - INDVAR. There are denumerably many individual variable symbols. We
use x,y,z as meta-variables for them;

2. Individual parameters - INDPAR. There are denumerably many individual parameter symbols.
As metavariables we use a,b,c;

3. n-place predicate parameters - PREDPAR. For each n, there are denumerably many predicate
parameter symbols. An n-place PREDPAR is said to have ARITY n;

4. Logical constants:

a) Sentential constants - SENTCONST: FALSE and TRUE.

b) Sentential connectives - SENTCONN: ¬, ∨, ∧, ⊃, ≡.

c) Quantifiers - QUANT: ∀ and ∃;

5. Auxiliary signs - AUXSYM: parentheses (,).


A particular FOL language is distinguished from a pure first order language by declaring
certain constant symbols. These have the SYNTYPEs:

1. Individual constants - INDCONST;

2. n-place predicate constants - PREDCONST. Each n-place PREDCONST has ARITY n;

’ 0PC0NST'  Likt  PB£0PAR*  - ^ *»•  --  ca 

Each SYNTYPE is assumed to be disjoint from all others.

TERMs


t is a TERM in FOL if either

1. t is an INDPAR, INDVAR, or an INDCONST, or

2. t is f(t1,t2,...,tn), where f is an OPCONST of ARITY n and ti is a TERM.
WFFs


A is an atomic well-formed formula or AWFF if

1. A is one of the symbols "FALSE" or "TRUE",

2. A is P(t1,...,tn) where P is a PREDPAR or a PREDCONST of ARITY n.

The notion of well-formed formula or WFF is defined inductively by:

1. An AWFF is a WFF.

2. If A and B are WFFs, then so are (A∧B), (A∨B), (A⊃B), (A≡B), and ¬(A).

3. If A is a WFF, then so are ∀x.A and ∃x.A provided that x is an INDVAR.

The usual definitions of free and bound variables apply and can be found in any standard logic
text (e.g. Mathematical Logic by S.C. Kleene). Below the usual conventions for omitting
parentheses will be used.

SUBFORMULAS

The notion of SUBFORMULA is defined inductively

1. A is a SUBFORMULA of A.

2. If B∧C, B∨C, B⊃C, B≡C, or ¬B is a SUBFORMULA of A so are B and C.

3. If ∀x.B or ∃x.B is a SUBFORMULA of A, so is B(fx).

The notations A[t←x] and A[t←u], where A represents a WFF, t, u TERMs and x an INDVAR are
used to denote the result of substituting x or u, respectively, for all occurrences of t in A (if
any). In contexts where a notation like A[t←x] is used, it is always assumed that t does not occur
in A within the scope of a quantifier that is immediately followed by x. The notation A[x←t]
denotes the result of substituting t for all free occurrences of x.

The notation A[a←x,x←t] means the result of first substituting x for a and then t for x. To
denote simultaneous substitution we use A[a«-xixM],
Appendix 2

THE SYNTAX OF THE MACHINE IMPLEMENTATION OF FOL


In this manual the syntax of FOL will be described using a modified form of the MLISP2 notion of
pattern. These form the basic constructs of the FOL parser.

1. Identifiers which appear in patterns are to be taken literally.

2. Patterns for syntactic types are surrounded by angle brackets.

3. Patterns for repetitions are designated by:

REP0[ <pattern> ] means 0 or more repeated PATTERNs,

REPn[ <pattern> ] means n or more repeated PATTERNs.

If a REP0 or a REPn has two arguments then the second argument is a pattern that is a
separator. So that REP1[<wff>,,] means one or more WFFs separated by commas.

4. Alternatives appear as ALT[<PATTERN1>|...|<PATTERNn>]

ALT[<wff>|<term>] means either a WFF or a TERM.

5. Optional things appear as OPT[<pattern>]

REP1[<wff>,OPT[,]] means a sequence of one or more WFFs optionally separated by commas.

These conventions are combined with the standard Backus Normal Form notation.

Basic FOL symbols

In order to make life easier for users, the FOL parser makes more careful distinctions
about the kinds of symbols that it sees than the previous description indicated.


< Ir  J»ym> 

1 

RLTI 

« lnavap» 

1 ■ 

» Idant 

< lndpar> 

I ■ 

*1  jnt 

< Indconai  > 

t ■ 

RLTI 

«rlndvar>  | <lndpar> 

I f l»r» 

I I l»r< 

> | 

«'  I 


< indcona t > 1 

fdaclarad  1NDVSR 
idaclarad  INOPAR 
tdac larad  INDCCN5T 
tno  daclaratlon  nacaaaary 


<oi.tym>  i ■ 
<or par>  is 
«opconat>  la 
<praop>  la 
<*nfop>  |a 
<*Pplop>  la 


TLTI  <oppar> 
• Idant 1 1 l»p> 

< idant 1 1 l#p> 
»opsym> 
*optym> 
*opayn> 


| opconat> 


tdaclapad  OPPRR 

tdae larad  OPCONST 

tBRITY  I and  daclarad  PREFIX 

(RRITY  2 and  daclarad  INFIX 

tRRITY  n and  not  daclaptd 

t INF  op  PRE  dac 


«ppadaym> 

1 ■ 

RLTI  <ppadpap>  | 

<ppadconi!> 

*pradpar> 

1 ■ 

< idant 1 t !ar> 

<ppadconat> 

t ■ 

< Idant i I lap> 

<ppappad> 

1 ■ 

<ppadiym> 

<lnfprad> 

! ■ 

<pradaym> 

<applppad> 

1 • 

«ppaday«i> 

(daclarad  PREOPRR 
tdaelapad  PREOCONST 
I RRI TY  1 and  dtclarad  PREFIX 
|RRITY  2 and  daclarad  INFIX 
|RR1TY  n and  no!  daclaptd 
I INF  op  PRE  dac 


«aant*yn>  ia 
<aantpar>  ia 
<aantconit>  ia 


RLTI  **antpor>  | 
* Idont l fl»p» 

RLTI  FALSE 
TrtUE 


<a>ntconat> 


I 


Idaclapad  SENTPRR 
< I dent lll«r>


'declared  SENTCONST 
I INF  er  PRE  dec 


<sentconn> := ALT[ ¬ | NOT |         ;negation
                   ∨ | OR |          ;disjunction
                   ∧ | & | AND |     ;conjunction
                   ⊃ | → | IMP |     ;implication
                   ≡ | ↔ | EQUIV ]   ;equivalence


<prelog> := ALT[ ¬ | NOT ]

<inflog> := ALT[ ∨ | OR | ∧ | & | AND | ⊃ | → | IMP | ≡ | ↔ | EQUIV ]


<quant> := ALT[ ∀ | FORALL | ∃ | EXISTS ]


TERMs 


The  FOL  syntax  for  TERMs  allows  for  both  prefix  operators  and  binary  infix  operators,  as  well 
as  the  usual  function  application  notation.  Any  undeclared  identifier  can  be  declared  an 
operation  constant  (OPCONST)  using  the  DECLARE  command.  With  proper  declaration  the 
following  are  TERMs: 


t U*-y , q ) 

CRN 

car  <x,y) 

IR0P0T.B0X1.  DOORI U ly  | Vx  P(g(«,y))l 
pouereet 

<term> := ALT[ <indsym> |
               <applterm> |
               <prefixterm> |
               <infixterm> |
               <setterm> |
               <n_tupleterm> |
               <compterm> |
               ( <term> ) ]

<applterm> := <applop> ( <termlist> )
<prefixterm> := <preop> <term>
<infixterm> := <term> <infop> <term>
<setterm> := { <termlist> }
<n_tupleterm> := < <termlist> >
<compterm> := { <indvar> | <wff> }
<termlist> := REP1[ <term> , OPT[,] ]


These  are  illustrated  above  and  may  be  used  at  any  time.  Other  additions  may  occur  from  time 
to  time. 

Of course, the appropriate restrictions on the SORTs of the arguments of the OPSYMs must be
met.

AWFFs 


AWFFs  are  formed  similarly,  but  cannot  be  nested. 
<4U If > 1 •

flLTt 

«b.UAwH>  j 

* iipp  I Am  f f > j 

«pr#Awf  f > 

« inf  Am f f»  ) 

<b0000ul 1 > 

I * 

ALT!  «sonlsyn>  | 
*prod|)«r>  ] 

<opp I Owl l> 

I • 

«opplpr#d»  I <tora>lli|> 

<proowl 1 > 

I • 

<pr*pr«1»  <ltrm> 

< Inlowl  1 > 

I * 

<torir»  lnlprtd>  <tor«> 

lullh  PR  I TV  t 


Examples  of  AWFFs  are 

IM,UI<  IX|3Z.U<Za2(X| 

<»,b>  ■ It,  ln.bl I 

' cor (eon*  '«,yl I 

Equality is treated as any other predicate constant, but the system knows about the
substitution of equals for equals. It does not know that A≠B is usually interpreted as ¬(A=B) but
treats it as any other predicate symbol.

WFFs 


<wH»  mil  <»Unrf*rd  first  ordtr  logic  Iori»ul0>  | 

<vl»  i I0PT  «tubp»rl>l  (OPT  <iubt l_opor>l  I 

The  syntax  for  WFFs  allows  the  following  abbreviations  and  options. 
The  primitive  logical  symbols  are: 


<mH»  la  flLTt  < pr l nw  1 1 > | <prtwlf>  | < inlwl  (>  J 

<pr  tmul I > la  flLTt  <owll>  | <quantwli>  | ( <wll>  ) J 

<prtwll>  la  'pr«(oq>  <prlmull> 

< Inlwl  I > I.  <priinw<l>  < Ini  log > <prl«wlf> 

<qu«nlu((>  ia  •qusntprol  lx>  <ii*i|llull> 

<qu*nlppo  1 l»>  i.  flLTt  <quon(>  REPJI  <!ndvpr>  J . | 

( <qulnf  > REPlt  <lndvpr>  J ) J 
<11*10 1 I u 1 1 > la  REP8I  <prolog>  1 <prl*wH> 


ParriuW,  may  he  onulted  and  then  aviation  i,  to  I hr  right.  /},  i,  umal  conjunction  hind,  the 
hin/t*  J r?  ywrr *unF,u!n'.  e7u.Wiw*.  Negation,  a,  well  a,  hath  quantifier,, 

£(P<x»P(.  )),  r'K  ’ Uut  ix'P(x>sP(x)  «’«"  « C**-P(x))=>P(x)  Jo,  oa 


We can write adjacent quantifiers of the same type together, so ∀x.∀y.P(x,y) can be written
∀x y.P(x,y). FOL also accepts (∀x)(∀y)P(x,y) or (∀x y)P(x,y) for ∀x.∀y.P(x,y).


Subparts of WFFs and TERMs


Within a deduction there is a completely general way of specifying any subpart of any TERM or
WFF already mentioned. We accomplish this by means of a SUBPART designator. Derivations
consist of WFFs, each of which has a LINENUM. The WFF which appears on this line is designated
by following it with a colon. If

10. ∀x y.(P(f(x))⊃Q(h(x,y)))

is line 10 of some derivation then 10: represents the WFF on that line, i.e. ∀x y.(P(f(x))⊃Q(h(x,y))).
Furthermore, subparts of such a WFF can be designated by a SUBPART designator.

<subpart> := REP1[ # <integer> ]

The integer denotes which branch of the subpart tree you wish to go down. Quantified formulas
and negations have only one immediate subpart, called #1. The other sentential connectives each
have two. For predicates and function symbols the number of immediate subparts is
determined by their ARITYs. Any conflict with these will produce an error. Thus

10:#1 = ∀y.(P(f(x))⊃Q(h(x,y)))

10:#2 = ERROR

• hU.y) 

10 1 • ERROR  (P  hat  RR1TY  1). 

Substitutions in WFFs and TERMs


Once you have named a WFF, you can use a substitution operator to perform an arbitrary
substitution.


<tubtl_optr>  ■■  ( RE PI (<tubtl I 1 s 1 1 > . OPT  t it]  ) 

<tubtllltll>  !•  PIT!  <t*m>  ► <itra»  | <ul l>  * <hII>  ) 

Examples: 

10:#1[x←ROBOT] = ∀y.(P(f(ROBOT))⊃Q(h(ROBOT,y)))

10i#l#lt<(»)aROBOTiQ(h(*,y))aP(»M  . P (ROBOT)  aP  ( k ) 

lOifimuitt uet#i#u?fwi>»R0B0T)  a robot 

10:#1[x←f(y)] = ∀y1.(P(f(f(y)))⊃Q(h(f(y),y1))).

Note: the substitution operator changed the bound variable in the last example. This prevented the y in
f(y) from becoming bound. See section on substitutions.


WFFs and TERMs thus have the following alternative syntax:

<wff> := <vl> : OPT[ <subpart> OPT[ <subst_oper> ]]
<term> := <vl> : OPT[ <subpart> OPT[ <subst_oper> ]]


There is an ambiguity as SUBPART may produce only a WFF where a TERM is necessary (or the
other way around). FOL checks for this and will not allow a mistake. Such a subpart
designator can be used whenever the syntax calls for a WFF or TERM.
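
The subpart designators and the substitution operator described in this appendix can be tried out with the following added Python example, which is not part of the manual and is not FOL's own code. The nested-tuple encoding, the function names, the numeric-suffix rule for renaming a bound variable, and the reading of ∀x y as ∀x.∀y are assumptions made for the illustration.

```python
# Added illustration (not FOL's own code). WFFs and TERMs are nested tuples
# (symbol, child, ...); a bare string is an individual variable or constant.
QUANTIFIERS = {"forall", "exists"}


class SubpartError(Exception):
    """Raised when a #n designator conflicts with the number of subparts."""


def immediate_subparts(node):
    """Quantified formulas and negations have one subpart, the binary
    connectives two, and applications one per argument (their ARITY)."""
    if isinstance(node, str):
        return []
    if node[0] in QUANTIFIERS:
        return [node[2]]          # node = (quantifier, bound variable, body)
    return list(node[1:])


def subpart(node, path):
    """Follow a designator such as #1#1#2#1, given as the list [1, 1, 2, 1]."""
    for n in path:
        parts = immediate_subparts(node)
        if not 1 <= n <= len(parts):
            raise SubpartError(f"#{n}: only {len(parts)} immediate subpart(s)")
        node = parts[n - 1]
    return node


def symbols(node, free_only=False, bound=frozenset()):
    """Leaf symbols of a tree; with free_only, skip quantifier-bound ones."""
    if isinstance(node, str):
        return set() if (free_only and node in bound) else {node}
    if node[0] in QUANTIFIERS:
        inner = symbols(node[2], free_only, bound | {node[1]})
        return inner if free_only else inner | {node[1]}
    found = set()
    for child in node[1:]:
        found |= symbols(child, free_only, bound)
    return found


def substitute(node, old, new):
    """[old <- new]: replace `old` by `new`, renaming a bound variable when it
    would otherwise capture a variable that is free in `new`."""
    if node == old:
        return new
    if isinstance(node, str):
        return node
    if node[0] in QUANTIFIERS:
        quant, var, body = node
        if var == old:            # `old` is bound here: nothing free to replace
            return node
        if var in symbols(new, free_only=True):
            used = symbols(body) | symbols(new)
            i = 1
            while f"{var}{i}" in used:   # assumed naming rule: y, y1, y2, ...
                i += 1
            body = substitute(body, var, f"{var}{i}")
            var = f"{var}{i}"
        return (quant, var, substitute(body, old, new))
    return (node[0],) + tuple(substitute(c, old, new) for c in node[1:])


# Line 10 of the manual's example, forall x y.(P(f(x)) imp Q(h(x,y))),
# written out as nested quantifiers.
LINE_10 = ("forall", "x", ("forall", "y",
           ("imp", ("P", ("f", "x")), ("Q", ("h", "x", "y")))))
```

With this encoding, `substitute(subpart(LINE_10, [1]), "x", ("f", "y"))` renames the bound y to y1 before inserting f(y), which is the behaviour the note on the last substitution example describes.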
Another label for handling well-formed expressions is the VL

< v I > l*  ALTt  « lnt»qor>  | <l«b«l>  OPT IBLTt  ♦)-)  <lnl«q«r>)  | 

> | REPH-J  ) 

The optional + or - <integer> after a label designates an offset from the mentioned label by the
amount designated.

The last alternative has not been previously mentioned. Its meaning is the n-th previous line
where n is the number of signs. 6 previous line.
Appendix 3

AXIOMS  FOR  ZERMELO  FRAENKEL  SET  THEORY 


The  axioms  presented  here  and  in  appendix  4 are  examples  of  the  expression  in  FOL  of  the 
conventional  Zermelo-Fraenkel  and  Goedel-Bernays-von  Neumann  set  theories.  We  believe  that 
the  practical  use  of  set  theory  for  mathematical  and  computer  science  proofs  will  require  an 
extended  practical  system. 

DECLARE  PREOCONST  < 2I1NF), 

OECLARE  PREOCONST  c 2t)NF)| 

OECLARE  CPCONST  U 2()NF), 

DECLARE  INOVAR  rttuvuxyii 
DECLARE  PREOPAR  A 2 B 1| 

AXIOH  2F  i 


EXTi 

Vx  y . ( Vj . ( z ( x!2< yloxxy)  | 

X Extent Ion*  1 1 ly 

EtlTi 

3x.Vy.-y(x| 

r Null  tti 

PAIRi 

Vx  y . 3l . Vu. (u< 2Tuxxvuiy) ; 

X Unordtrtd  pilr 

UN  I ON i 

Vx.3y.V2.  (z.y?3t , <z<  lx  If  x))  ( 

X Suit  00 1 

INF. 

3x.  (Of  xxVy . (yf  xotyUlyl )(  x)  1 { 

Z Ini  Ini  ly 

REPLi 

V«.  3y  Vi.  (A  (x,2>-i|x2)  3 

Vu.  3v . (Vr . (rf v t 3s. <if u<A(t,r) 1 1)  | 

X Ropltcomonl 

SEPi 

Vx.3y.V2.  (2< y>2(  xf B (2 ) ) | 

7 Sopor* | ion 

POUERi 

Vx.3y.Vi. <2fytIC»)| 

X Power  tel 

RECi 

Vx.3y.  (x.0v(y<  xaVz.  (l<  xp-z.  y) ) ) 1 1 1 

X Rtyulor  1 ly 

7 Rtplictmtn.  It  tqu.voltnl  to  X 
7 Vx.  (3y.R(x,y)AVy  i . (A (x , y) aA (x, i Ijyxi ) ) j X 
7 Vu.  3v. (Vr.  <r( v 0 3*.  (|<U'A(«,r>) ) ) 7 
7 or  Vx.3(y.A(x,y)  3 Vu.  3v.  Vr.  (r.v  • 3o.  (0<uaA(t  ,r) ) ) X 

7 Sopor  A 1 1 on  It  t conttqutnct  ol  *nd  uetker  Iho.i  replOcuenl.  X 


X Oo I In l I l ont  7 

DECLARE  PREOCONST  FUN  1JNT0  2.PSUBSET  2IINF), 
DECLARE  OPCONST  rny  1 den  1| 

extort 


SUBSET  i 

Vx  y.  (xcyiVi.  (it  xsny)  1 1 

PROPSUBSETi 

Vx  y. (PSUBSET(x,yl«xcyA-xxyI| 

PAIRFUNi 

Vx  y 1 . <!(  Ix.yl Olxxvlxy) | 

UNITSETFUNi 

Vx,  ( Ixi  • lx,  xl  1 1 

OPAIRFUNi 

Vx  y . ( «x,y>.  1 1 x 1 , 1 x , y 1 1 ) | 

FUNCTION. 

Vu. (TUNIuloVi. (I.ud3x  y.  (lx<x,y>)lA 
Vx  y I.  (<x,y>. UA<x,i>ooy«i)  )| 

OOMAIN. 

Vu  x.  (xf dom(u) iFUN (ul x3y  2. (y. UAyixx , z>) ) 

RANCEl 

Vu  x.  (xf  rnq(u)fFIIM(u)A3y  X.  (y< UAyxt ,x>) I 

INTO. 

Vu  x . ( )NIO (u, xlrrny (ul«x)  | 

UNION. 

Vx  y 2.  l.-f  *|ly-7<  xv2<y)  | | 
Appendix 4

AXIOMS  FOR  GOEDEL-BERNAYS-VON  NEUMANN  SET  THEORY 


HOSTGENERRL  Clns*i 

OECIRRE  PREOCORST  Clfttt  Sol  li 

OEClflRE  PPEOCONST  . (C l»**,C last)  I INFI , 

OECIRRE  PPEOCONST  c (Sal , C loco)  IINF) , 

DECLARE  1NDVRR  fl  B C < ClAts.i  y u v u ( Sot| 

DECLARE  PREOCONST  Empty  Onoflany  (C  loot) ,0 njo Ini  (Cloti,Cl*tl> ) 

HXIDfl  NGRi 


XLRSSi 

Vi.C 1 A It  (l ) I 

ISSETi 

VR  B.  fA(  BsSa  1 CA) ) | 

EQUAL i 

VR  B C. ( (C(AiC(8>iAa|) | 

EriPTYi 

3i. Yu . -y< «i 

PAIRS) 

Vi  y . 3u  . Vv.  ( v(  ul  val  way)  | 

CLASS) 

EPIi 

3R.Vll  V.  («U,  VM  RlU(  v)  | 

INTi 

VR  fl  , 3C  . Vu.  (u<  Ciu<  A»u< B)  | 

COUP: 

vfl.3R.Vu.  (u< B('U<  R)  | 

PRO  J i 

VR  30.  Vu.  (u< B*3v. «u, v>< A) ) 

PROOi 

Vfl.3P.Vu  v.  («u,  > ><  Bfut  fl)  j 

COMVi 

VO  30.  Vu  v.  (»u,  v >r  Bkv.uxR)  | 

TRIli 

Vfl,3B.Vu  v h.  (<u,  v,u><  8i<v,m,u>(  A)  | 

TR 1 2i 

Vfl.3B.Vu  v h.  (»u,  v.ixfli.u.i,  vxfl)  1 1 

SET. 

INF  . 

3U.  (-Empty  (U)  AVv.  (V<US3U.  <1«UA-<VIMAVCM>  ) ’ | 

UNION! 

Vu.3v.Vu  1 . (u<  1 Al(  U3U(  v)  | 

POUERi 

Vu.3v.Vu. (mcu;m<v)| 

REPL. 

Vu  R.  (0n«H«ny  (R)d3v,  Vu.  (h<vi3i.  (i(ua<u,ix  R) ) ) ) ) 

FNDi 

VR,  (-Empty (H) p3u.  (u< AaQ l« joint (u, A) > > | 

ACi  3P  • (OntHany(R)AVu.  ("Ciplyiuljjv,  ( vc  ua<v,u>(  P) ) ) | | 
Appendix 5

INTUITIONISTIC MODAL LOGICS


Modal Logic:


The  best  known  mod.ihtirs  arc  ihc  so  called  Vrf/r,'  ones,  invnhing  V)  and 

possibility  My  Inn  many  oilier  senieiitial  operators  which  display  modal  i ham  Hr  istj,  s |,;ist  |,,i>n 
studied,  eg  C fo,  causality  film  k s.l'l5|)  K and  B for  knowledge  and  heliel  (lliultkl a l'»h>l.  |>  tor 
perception  (llintikka.l%'t)  These  latter  modalities  are  the  subject  of  intensive  leseawh  i-i  loric 
at  the  moment,  and  a t oniprehensive  semantics  has  been  evolved  for  some  of  thrni  (Kripkr  |%  | 
Hintikka.1%'1)  Their  are  still  many  difficult  problems,  especially  in  the  rase  of  ..iiamit  i,  alien 
into  modal  contexts,  where  the  traditional  rules  of  substitutability  of  equivalents  and  of 
existential  gemrali/aimn  do  not  seen,  to  hold.  Tins  has  led  10  a reformulation  of'  many 
ontological  notions  in  •|,iantif  icatinn  theory  (see.  for  example.  (Iliinikka.I'r.M  and  iloll.sdal  |%8) 


GVotr  I Itrt  I modal  — / rrahn  * nrr  c riurulinl  o,,rrn\ar .«  of  n roll, or  <rrriat  kind,  ton  W |>i  f tp\ ,, 
troso/i/e  in  rnrn,,l  mo, Ini  -/"rotors  nr  /#/>/>/ strt/r  lo  union  of  semeiiees  nr  fornmlor  oillnml  ,/ir 

l>nurrjtil  rrmnillir  s.i  see,  /or  r,nm/,lr  , Uonlngar,  l%3'> 


In the current implementation, the user may define non-standard modal systems and operators.
Lewis S4 and S5, Hintikka's KBK and KBB(e/>c/f) are already available, together with the
operators N (necessarily), M (possibly), K (knows), B (believes).


(a) The Classical Systems T, S4 and S5


von Wright's system, T (von Wright,1951) is got from LPC by adding:

A5: N.p⊃p

A6: N.(p⊃q) ⊃ (N.p ⊃ N.q)

Lewis's system S4 (Lewis & Langford,1932) is got from T by adding:

A7: N.p ⊃ NN.p

Lewis's S5 by adding:

A8: M.p ⊃ NM.p

(b) Natural Deduction Systems of Modal Logic

(1) These are based on minimal, classical and intuitionistic logics;

(2) A formula is said to be modal if its principal sign is a modal sentential operator;

(3) Necessity systems:


Prawitz has two inference rules for S4:
NI)   a          NE)   N.a
     -----            -----
      N.a               a

and a corresponding deduction rule for NI, when the proof or deduction of a depends only on
modal formulas.

In S5, N a=a may be inferred also when every formula in the dependency set is either a modal
formula or the negation of a modal formula.

(4) Possibility systems:

The  possibility  operator,  M may  be  added  by  means  of  the  rules 

Ml)  a ME)  M.a  & b 


M a b 

When these rules are added, the deduction rule for NI must be modified to be similar to the rule
ME.

In the classical Lewis systems, M and N may be interdefined, e.g. M.a=>'N-.a and N.a 3 'M-.a, but
in the Prawitz system this is not possible.

The syntax for modal formulae is identical to that of standard formulae, except that WFFs may
be preceded by 1 or more modal operators (and imbedded ¬), followed by a " So a period


« mod.il  till*  ;■  « I pr • I 1 v > . prt»w(l> 

« »0ii4  | pr  • I * * * 19  • ttlanl  1 1 l#r>  1 , 


For example, NMN¬MMNNMNMNM.A and ∀x.M.P(x)⊃MM.P(x) are well formed.

When scanning for modal formulae is turned on using the 'THEORY' command (see Section
4.13), the following rules then become available:

NECI <line-number>, NECE <line-number>

POSSI <line-number>, POSSE <line-number>


as defined by the conditions above. (Note carefully the dependency restrictions.)

